David Airey lost his domain after his Gmail account was hacked. But how was the criminal able to take down David’s domain? You can read the full story here, but if you want to know how the attacker did it, please read on.

First, the victim logs in to his Gmail account as normal. Then he visits a website containing a script that exploits the vulnerability in Gmail. The script creates a new filter in the victim’s mailbox. As in the example above, the script creates a filter that forwards every email with an attachment to collect@evil.com.
But what if the filter is set to forward all incoming emails to the attacker’s address? Would you be happy losing all your secrets and passwords to the attacker? Of course not.
I have checked my filter settings in Gmail. Know what? There was a filter that forwarded incoming emails to *@colmac.com. I was shocked and removed it immediately. I do not know when the filter was added or how many emails the guy at colmac.com had read. I hope they are happy with what they are doing.
If you use Gmail, check your Gmail filters now. Who knows, maybe you are “lucky” and find strange filters in your Gmail settings. Google has since fixed this problem, but you are still advised to check your filter settings.

What would you do if a criminal stole something very personal, and very valuable from you?
What if they were able to target your business and criple your income?
You wouldn’t be too happy now, would you?
What if you also discovered that this was happening because of a Google security infection that can affect every GMail user on the planet?
That’s what has just happened to me, and here I’m going to tell you my story. I will detail everything I know about the web pirates who are threatening my livelihood, and tell you what you need to know in order to avoid the same thing happening to you.
On November 20th 2007 I left the UK to spend a month’s holiday in India. I’d been planning this break for over a year, and was looking forward to taking my girlfriend away on our first foreign trip together. Prior to leaving, I published a blog post to let my readers know I’d be away for a while, and that my blog would be a quiet place in my absence.
All my clients were informed, bills paid, loose ends tied up, and off I went on a new adventure.
I arrived in Mumbai on November 21st, and on the journey from the airport to the Colaba district, was punched in the face by an Indian youth, but that’s another story.

During the month ahead, I knew I’d be irregularly checking my emails, but only to let my loved ones know everything was fine. This holiday was to be a break from work, and a break from computers.
Indeed everything was fine for a few weeks, until December 15th (five days before I was due to return from holiday). I called into an internet café in Goa, and read some worrying emails from good friends of mine. I was informed that my website had disappeared, and that my domain name (www.davidairey.com) was now redirecting to some random website - bebu.net.
I was confused, and anxious. How could this happen? I hadn’t received any notification of my domain name expiry, and I never divulge any passwords to anyone. The only possible explanation for me was that somehow, the domain name had expired without me receiving any notice, and that some domain poacher had snapped it up before I got a chance to renew.
My website had been pulling in over 2,000 unique daily visits. Not a massive amount by any stretch of the imagination, but for a one-man operation, 700,000+ annual visitors can generate a nice amount of new logo design business.
So I ran a WHOIS check on davidairey.com, hoping to find an email address for the new owner. The search yielded this email address: DAVIDAIREY.COM@domainsbyproxy.com and here’s the email I sent:

Hello,
Please can I purchase my old domain name from you. It seems it expired without my knowledge.
www.davidairey.com
Kind regards,
David

I found it hard to believe that I’d let my domain name expire, but thought it a good idea to send an email nonetheless.
On the very same day, I received a reply. It came from one supposed Peyam Irvani, telling me the following:

Hello,
Please send me your high offer !
Regards

By this stage, I’d already had some back and forth email discussions with close friends, wondering what exactly could have happened. I also contacted my web host company, ICDSoft, asking them to help. They were the ones who sold me the domain name after all. Shouldn’t they have informed me?
This is when I found a disturbing support ticket, posted in my web host support panel. It was supposedly from me, addressed to ICDSoft’s support team, and was created on November 20th, the exact date of my departure from the UK. It read the following:

Subject: Davidairey.com Transfer
Hello,
I want to transfer davidairey.com to another registrar please unlock it and send me the EPP transfer code.
Kind regards,
David

Within just one minute (ICDSoft’s support team are very fast) the following response had been supplied:

Hello,
We unlocked your domain name as requested. Here is its EPP code:
Domain name: davidairey.com
Auth/EPP key: 6835892AE0087D66
Best Regards,
Support

I immediately typed a reply to this ticket, asking for help, and wanting to know what I could do to resolve the situation. Here’s what I was told by the support team:

Unfortunately, the domain name has been transferred successfully, and it cannot be reverted. The current registrar may be able to give you more information.
The original ticket message was sent from this IP address: 207.36.162.100
The person who posted it must have had access to your email, too, because transfers have to be approved by the administrative contact in order to be successful.

What? Not only did the hacker gain access to my web host control panel, but they also squirmed their way into my email account? This is when I began to get very worried. I kept a lot of personal emails behind my username and password, and this was a real invasion of privacy. For a few minutes I sat in the net café, my girlfriend beside me, and I didn’t know what to think.
I sent an email to GoDaddy, where my domain had been illegally transferred to, and asked them to prevent any further transfers. I wanted the domain in one place whilst I investigated. Here’s what GoDaddy said:

Unfortunately if a transfer request is made and completed we will not be able to prevent this unless we receive the notice from a court or arbitration forum… I apologize for any inconvenience this may cause.

Okay, so GoDaddy can’t help until the matter is taken to court.
This whole process ran over a few days of my holiday, as GoDaddy took over 48 hours to respond. At this point, and on December 19th (four days after my first email to the web pirate, ‘Peyam’), I thought I’d send a reply, and here’s what I said:

Hello Peyam,
Well, congrats on your hack. I’d love to know how you did it.
Before this moves through the courts, in order to settle the dispute, I don’t suppose you’d be so kind to give me my domain back? It’d really save me a lot of hassle, but if that’s what it takes, so be it.

I saw no point in being aggressive, wishing to keep them ‘on-side’ as much as possible.
Again, that same day, I received a response:

:))
I’m sorry to say but it’s not possible to have it or it take about 1 month if you try hard to have it again :)) and you lose your visitor ….hahaha
You can purchase it for 650 $ And we will use escrow services that will done in less than 2 days !

Now my domain name was being held to ransom, and the hacker was taunting me. What I had spent more than a year building into a sound marketing plan had been severed at the knees.
I’m not the type of person who will hand any money over to a criminal, so I didn’t reply, instead focusing on stopping this hacker from stealing any more of my property.

How was I being hacked?

After a little research, I found this exposé of Google’s GMail deficiencies: Google GMail E-mail Hijack Technique
It details the exact GMail hijack that I have just found applied to my account (right whilst writing this blog post).
Here’s an excerpt:

The victim visits a page while being logged into GMail. Upon execution, the page performs a multipart/form-data POST to one of the GMail interfaces and injects a filter into the victim’s filter list. In the example above, the attacker writes a filter, which simply looks for emails with attachments and forwards them to an email of their choice. This filter will automatically transfer all emails matching the rule. Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google.

[Three-step illustration of how this threat works; images courtesy of GNUCITIZEN]
I took a look at the ‘Filter’ option in my own GMail settings, and it turns out that you can easily set incoming emails containing specific words to be forwarded automatically. For example, if you want any emails containing the word password to be sent to another address, no problem. It also appears that the Filter can delete the email from your GMail inbox as soon as it has been forwarded, so you’d be none the wiser if a hacker was playing havoc with your incoming mail.

IMPORTANT: If you use GMail, it’s absolutely vital that you check your account settings now.
Here’s what to do:
When logged into GMail, click on the ‘Settings’ tab in the upper right of the screen. Then check both the ‘Filters’ and the ‘Forwarding and POP’ sections. This is what I only just found in my ‘Filters’ tab:

The following filters are applied to all incoming mail:
Matches: transfer-approval.com
Do this: Forward to ba_marame_pooli@yahoo.com, Skip Inbox, Delete it
Matches: from:(transfer-approval.com)
Do this: Forward to ba_marame_pooli@yahoo.com, Skip Inbox, Delete it

I have absolutely no idea whose email address that is, but it seems to me that some of my personal emails were bypassing my inbox entirely, instead being forwarded to the yahoo.com address.
It appears that the GMail security issue is fixed, but that won’t remove any previously installed Filters from your GMail account.
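The check described in the steps above (and in the shorter write-up at the top of the page) can be automated once the filters are exported as XML. The following is an added example, not code from the post: a small audit script that parses filter entries in the Atom/apps:property layout Gmail uses for its filter export and flags any filter that forwards mail to an address outside a set of domains you trust, scoring it higher when the same filter also archives or deletes the original. The sample XML is constructed to mirror the two filters quoted above plus one harmless labelling filter.

```python
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Constructed sample: the two forwarding filters from the post, plus a benign
# labelling filter, written in the layout of a Gmail filter export.
SAMPLE_FILTERS_XML = """
<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <title>Mail Filters</title>
  <entry>
    <category term='filter'/>
    <title>Mail Filter</title>
    <apps:property name='hasTheWord' value='transfer-approval.com'/>
    <apps:property name='forwardTo' value='ba_marame_pooli@yahoo.com'/>
    <apps:property name='shouldArchive' value='true'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry>
    <category term='filter'/>
    <title>Mail Filter</title>
    <apps:property name='from' value='transfer-approval.com'/>
    <apps:property name='forwardTo' value='ba_marame_pooli@yahoo.com'/>
    <apps:property name='shouldArchive' value='true'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry>
    <category term='filter'/>
    <title>Mail Filter</title>
    <apps:property name='from' value='newsletter@example.org'/>
    <apps:property name='label' value='Newsletters'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
</feed>
"""

# Properties that describe what a filter matches (as opposed to what it does).
MATCH_KEYS = ("from", "to", "subject", "hasTheWord", "doesNotHaveTheWord",
              "hasAttachment")


def parse_filters(xml_text):
    """Return one dict of property name -> value per <entry> in the export."""
    root = ET.fromstring(xml_text)
    filters = []
    for entry in root.findall(ATOM + "entry"):
        props = {p.get("name"): p.get("value")
                 for p in entry.findall(APPS + "property")}
        filters.append(props)
    return filters


def audit_filters(filters, trusted_domains):
    """Flag every filter that forwards mail to a domain not in trusted_domains.

    A forwarding filter that also skips the inbox or deletes the original is
    the pattern from the post: the owner never sees the diverted message.
    """
    trusted = {d.lower() for d in trusted_domains}
    findings = []
    for index, props in enumerate(filters):
        target = props.get("forwardTo")
        if not target:
            continue
        domain = target.rsplit("@", 1)[-1].lower()
        if domain in trusted:
            continue
        reasons = ["forwards to external address " + target]
        if props.get("shouldArchive") == "true":
            reasons.append("skips the inbox")
        if props.get("shouldTrash") == "true":
            reasons.append("deletes the original")
        findings.append({
            "index": index,
            "match": {k: v for k, v in props.items() if k in MATCH_KEYS},
            "reasons": reasons,
            # Forwarding alone is suspicious; forwarding plus hiding is worse.
            "severity": "high" if len(reasons) > 1 else "medium",
        })
    return findings


if __name__ == "__main__":
    # Assumed trusted domain; replace with the domains you actually own.
    for f in audit_filters(parse_filters(SAMPLE_FILTERS_XML), {"example.org"}):
        print(f["severity"].upper(), "filter", f["index"], f["match"],
              "; ".join(f["reasons"]))
```

Running it against a real export, only filters whose forwarding target is outside your own domains are reported, so a legitimate forward to your work address needs its domain in the trusted set.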

What do I know about the hacker stealing my property?

I have a GMail address, pay.irv@gmail.com, and what’s possibly some fictitious name, Peyam Irvani.
There’s also the Yahoo email address, ba_marame_pooli@yahoo.com, where my emails were being forwarded to through the malicious Filter.
ICDSoft provided me with the IP address from where the fraudulent support ticket originated (207.36.162.100), and it’s possible to search for its physical location using a free online IP address locator. I’d never used one before, but gave it a shot…
According to IP Global Positioning, the IP is in the United States. Fort Lauderdale, Florida, to be more precise, and the Internet Service Provider is known as Cybergate INC (based in Mississippi, USA).
I’m not entirely sure just how much this information can help me, if at all, but I thought it might be useful.
A little unexpectedly, I received a third email from ‘Peyam’ on December 21st, saying:

Hello David,
We can use escrow and you can have your domain name again
Only for 250 $ !
Do you want it ?!
It’s a special Christmas offer ! haha
I like to see you have that domain name again

I don’t care if it costs $0.02. I won’t give my money to a criminal.
You might be wondering what I did to resurrect my website from oblivion. You’re reading this post after all. Before the theft, I had both davidairey.com and davidairey.co.uk, with the .co.uk permanently redirecting to the .com (I felt it would make more business sense to use the .com as my main address due to its ease of memorability).
I’m now using www.davidairey.co.uk domain as my main address. What does this mean? It means that all my organic search results are reset to zero. Whereas once I was on the first page of search results for logo designer, I’m now nowhere to be found.
It also means that my business cards are now incorrect, and my email addresses too. Quite an expense, but I’d rather fight in the courts than give one penny to the person who did this.
During the site move, I found to my detriment that I was linking to my blog images entirely the wrong way. I had been uploading my picture files to a subdomain (blog.davidairey.com/images) then placing them inside my blog posts from there. This meant that whenever the domain name changed to davidairey.co.uk, so did that subdomain. It now became blog.davidairey.co.uk/images. Therefore, my site was missing every single image I’d ever added.
In order to fix this, I moved all the picture files to a new folder, in the root directory at davidairey.co.uk/images. Now, when I insert an image into a blog post, I don’t use the full URI, but cut the address to its bare minimum, like so: img src="/images/example_filename.jpg"
This means that should I ever re-change my domain name, back to the .com for instance, the images will automatically pull whatever domain name I’m using, without the need for a change.
I’m now also using this technique for internal hyperlinks. Rather than linking to my contact page like so: “http://www.davidairey.co.uk/contact”, I’ll simply use “/contact”.
Much better, and uses less code too.

Where can I get help with domain name disputes?

This is the stage I’m at now, weighing up my options before it comes to paying legal fees. This is also where I’m calling on your valued help. I know that many of you are much more clued up on this than I am, and if you can spare some advice in the comments here I’d be very appreciative.
In my email communications with GoDaddy (the company where my .com domain name is now registered), a representative had this to say:

Should we receive notice of a pending dispute from a court or arbitration forum, we will lock the domain name so it cannot be transferred or have the registrant information modified. Likewise, when we receive a decision from the legal body, we will update the domain name accordingly.

They then directed me to the WIPO (World Intellectual Property Organization, domain.disputes@wipo.int).
So I looked into this organisation’s website, and in particular, the section on domain name dispute resolution resources.
There’s a FAQ section which provides information on a number of items, including the following:

To cut a long story short, it seems I have to pay a minimum of $1500 for the pleasure of initiating a court case. All fees are listed here.
As for how long the process lasts, this information isn’t very obvious on the WIPO website, so at present I’m unsure.

What should I do?

From what I understand, the only option is to proceed with legal action (again, I’m not paying the thief one penny).

Do you know any different?

Do I have a good case to proceed with?

Is there any other information available online about the pirate who is blackmailing me?

If you can provide any of these answers, it would mean a lot.

Thank you

Thank you so much to those of you who kindly emailed me at the start of this situation: Vivien, Ben, Tammy, Armen, Dawud, Ed and Jamie. I know that more of you tried, but that I didn’t receive your emails because my accounts no longer existed.
Thank you also, to everyone who is lending their support in the comments of my previous blog post, David Airey.com hacked. Many of you have also published my news on your own blogs, and this really lifts my spirits, showing just how great the people in the blog world are:
Here’s a sampling of your kind help:

It truly is fantastic that you’d go to this effort, and if there’s anything I can do in return, do let me know.
UPDATE: My domain name has been returned! You can read how in this follow-up blog article, posted here on my site on December 27th.

Yesterday, I found a new Google.com XSS vulnerability that can be abused to steal information from Gmail accounts, I've done responsible disclosure of at least 3 vulns to Google, but since I haven't got enough 'motivation', I'll go full disclosure now.
The vulnerability exists in the Blogspot polls feature; I had already disclosed a vulnerability in this system. The 'font' parameter was not being sanitized before being used inside a STYLE tag, so you could inject IE's expression() and Mozilla's -moz-binding. They fixed it; however, they didn't check the rest of the code well enough. The new XSS is: Simple XSS POC
Since it's Sunday and there is nothing else to do, I've created 2 more PoCs: one of them shows your contacts, the second one will make Gmail forward all newly received emails to another email account. No user interaction required; well, you just need to open a website while still logged in to Gmail.
POC1: http://beford.org/stuff/contacts.htm
POC2: http://beford.org/stuff/gmail.htm

I have tested them under IE, Konqueror, Opera and Firefox; it should work on all of them. If you want to be protected against this kind of attack, I'd highly recommend Firefox + NoScript.

Update: Google fixed this issue. I'd like to ask the people that looked at the second PoC to disable forwarding if you have not done so; I'm still getting tons of email. This screenshot shows how to disable forwarding.
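The defect pattern the post above describes, a 'font' request parameter dropped straight into a STYLE tag, next to an allowlist fix, as an added example that is not beford's code or Blogspot's: the template strings and request values are constructed, and the hostile values only sketch the shape of a CSS-injection payload.

```python
import re

# Constructed inputs: a benign font name and two values shaped like the post's
# description (extra CSS after the font name reaching IE's expression() and
# Mozilla's -moz-binding). Illustrative only, not the original PoC.
BENIGN_FONT = "Trebuchet MS"
HOSTILE_FONTS = [
    "Arial; width: expression(1)",
    "Arial; -moz-binding: url(x.xml#b)",
]

# A font-family name as this example accepts it: letters, digits and spaces,
# bounded length. Anything else is not a font name and never reaches CSS.
FONT_FAMILY_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9 ]{0,63}$")

STYLE_TEMPLATE = "<style>.poll { font-family: %s; }</style>"


def render_poll_style_vulnerable(font):
    """The bug pattern: an untrusted parameter concatenated into a <style> block."""
    return STYLE_TEMPLATE % font


def safe_font_family(font, default="Arial"):
    """Allowlist the parameter; anything outside a plain font name falls back."""
    font = font.strip()
    return font if FONT_FAMILY_RE.match(font) else default


def render_poll_style(font):
    """Hardened version: only an allowlisted name is ever placed in the stylesheet."""
    return STYLE_TEMPLATE % safe_font_family(font)


if __name__ == "__main__":
    for font in [BENIGN_FONT] + HOSTILE_FONTS:
        print("vulnerable:", render_poll_style_vulnerable(font))
        print("hardened:  ", render_poll_style(font))
```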

Tehran and the Russian Rosoboronexport arms group are about to sign a mammoth arms deal running into tens of billions of dollars for the sale to Tehran of 250 Su-30MKM warplanes and 20 IL-78 MKI fuel tankers. DEBKAfile’s military sources report Iran has stipulated delivery of the first aircraft before the end of 2007.

The transaction, Russia’s largest arms deal in 30 years, will endow Iran with a long-range aerial assault capability. The Sukhoi can sustain a four-and-a-half hour raid at its maximum range of 3,000 km against long-distance, marine and low-lying ground targets across the Persian Gulf and Middle East, including Israel and Lebanon.

The fuel tankers extend the Su-30MKM’s assault sustainability to 10 hours and its range to 8,000 km at altitudes of 11-13 km. The closest comparable plane in the West is the American F-15E fighter bomber. Iran’s acquisition of an exceptionally large fleet of the Russian fighter-bomber will elevate its air force to one of the two largest and most advanced in the region, alongside the Israeli Air Force.

Iranian air crews are already training on the new Sukhoi aircraft, ready to start flying them early next year with only a short delay after delivery. DEBKAfile’s sources report that Moscow is selling Tehran the same Sukhoi model as India received earlier this year. The Iranians leaned hard on New Delhi to let them have the Israeli avionics and electronics the Indian Air Force had installed in the Russian craft. India refused.

Russia began delivering the same craft in June to Malaysia, which also sought Israeli avionics without success. The Su-30MKM has won the nickname of “Islamic Version of Sukhoi.”

Its two-member crew shares the workload. The first pilot flies the aircraft, controls weapons and maneuvers the plane in a dogfight. The co-pilot employs BVR air-to-air and air-to-ground guided weapons in long-range engagements, sweeps the arena for enemy craft or missiles and performs as command-and-control in group missions.

Some of the plane’s systems are products of the French Thales Airborne Systems company. Moscow’s contract with Tehran for the sale of the Su-30MKM must therefore be cleared with Paris.

There is no decision in Jerusalem about asking Paris to withhold its consent to a deal which would substantially upgrade the long-range air assault capabilities of the Islamic Republic whose leaders want to wipe Israel off the map. However, President Nicolas Sarkozy is in mid-momentum of a diplomatic drive in the Arab and Muslim world and unlikely to be receptive to an Israeli approach. The only chance of aborting the Russian sale would be to route the approach through Washington.

If you were a child of the 1980s, or are just a fan of very-late-night cable television, then you've most likely seen Michael Knight (played by a pre-Baywatch David Hasselhoff) and his chatty supercar sidekick, KITT (Knight Industries Two Thousand), do battle with bad guys on the small-screen action-adventure show Knight Rider.

At first glance, KITT appeared to be a sporty 1982 Pontiac Trans Am, fresh off the assembly line. But thanks to a little Hollywood razzle-dazzle, the car transformed into a virtually indestructible machine—possessed with advanced artificial intelligence that allowed it to accept voice control commands, interact with "The Hoff" and make decisions on its own. In fact, the car's AI was so advanced that KITT formed a kind of personality, which is what has endeared the "car" to millions of auto geeks in a way the Batmobile never could be. But when the show was shelved in 1986, so was KITT.

Last week, NBC unveiled an all-new, controversial KITT, which is set to star in the made-for-TV Knight Rider movie in February. Based on the still-to-be-released Ford Mustang Shelby GT500KR (click here for engine-revving video), this virtual Stang comes tricked out with a supercomputer that can hack almost any system; a very capable weapons system; and a body—thanks to nanotechnology—that's able to shape-shift and change color at will. Like its predecessor, the 21st century KITT gets AI from digital effects wizards that makes it an ideal crime-fighting partner: logical, precise and infinitely smart.

Designer Harald Belker, who created the Batmobile for Batman and Robin and a next-gen space shuttle for Armageddon, came onboard to give the new KITT a unique look. "The goal was to make it look more aggressive without being hokey or garish," Belker says. "Maintaining as much of the original beauty of the Shelby as possible was important—and not just because of the Ford connection. It had to be simple yet believable as a superhero." Once his vision was set, Belker turned to Ted Moser from Picture Car Warehouse to make his drawings come to life. But there was one big hurdle: The GT500KR doesn't technically exist quite yet. "So we had to finish their design first," Moser says. "Then we brought in a prop maker to create side skirts and spoilers out of wood, smooth them out, and sent them to a fiberglass shop to make molds. Once the parts are formed from those molds, we finish them and attach them to the car."

One of the cooler features of the Mustang KITT is air-ride suspension, which allows its driver to lower the car's ride height when the vehicle morphs from Hero to Attack mode. "When it goes on the offensive, it gets slammed to the ground," Moser chuckles. Very aggressive, indeed. There will be three models used in filming: Hero (essentially a stock GT500KR); Attack (the tricked-out model); and Remote Control (operated via RC, obviously). "All of the ‘transforming' will be done through CGI animation like in the Transformers movie," Moser admits. (Click here for behind-the-scenes digital wizardry from this summer's blockbuster flick.)

For all you Trans Am holdouts, Mustang droolers and Hasselhoff haters, here's the very first look at all of the new KITT's gee-whiz specs and functionality, matched up to the original to determine which is better equipped for Hollywood crime-fighting.

Cloning is a topic of much debate that has uses for good and uses that aren’t so good. Being able to clone animals with specific disease states could make it easier for researchers to tackle genetic diseases that affect animals and humans alike.

Another group of South Korean scientists has cloned cats with a fluorescent protein gene that makes them glow red under ultraviolet light. Similar techniques have been used in everything from roundworms to goldfish to pigs. It is hoped that the procedure used in the cloning process can help develop treatments for genetic diseases.

The lead scientist on the project, Kong Il-keun of Gyeongsang National University, was able to produce a trio of cats with the altered glowing gene. The cats were born in January and February; two grew to adulthood and one was stillborn.

The South Korean Ministry of Science and Technology said in a statement, “It marked the first time in the world that cats with [altered fluorescence protein genes] RFP genes have been cloned.”

What Do the Cops Have on Me?

What turns up when a police officer punches your name into the computer.

By Brad Flora
Posted Tuesday, Dec. 4, 2007, at 5:53 PM ET
Drew Peterson, the former Bolingbrook, Ill., police sergeant suspected of murdering his third and fourth wives, is now also under investigation for police misconduct. New evidence suggests that Peterson used official law-enforcement databases to check up on his fourth wife and her associates before she disappeared. Peterson's attorney says it was common practice for Bolingbrook police to run checks for friends and family, and to run prank names to alleviate boredom. What can the police learn about you from these database queries?
Your name and aliases; your Social Security number; where you live; when you were born; the color of your skin and eyes; any scars, tattoos, or identifying marks; your height, vision, and gender; what kind of car you drive, whether it's a stolen vehicle, and your license and plate numbers; your traffic violation history; your local, state, and federal criminal history; and your fingerprints
Local police gather this information from five main databases. A search of records from the state registration agency (called the "Department of Motor Vehicles" in most places) yields information on your car and to whom it's registered. There's another archive of driver's license records, kept in some states by the DMV and in other states by a separate licensing agency, which has facts on where you live, your driving record, and sometimes a digital copy of your license photo. Outstanding arrest warrants will show up in a third database, and a person's criminal history can be found in either the local police records or the federally operated National Crime Information Center database, which culls from local, state, and federal files. (Some police agencies also subscribe to research tools that are available to the general public, like LexisNexis and credit reporting services.)
Access to the databases works a little differently in every agency. In general, police have unrestricted access to the DMV, driver's license, and warrant databases, as well as the local police records. In some departments, the information can be obtained via Windows-based graphical user interfaces, while other offices still use DOS-like text interfaces. Either way, it works a lot like searching for a book at the library: Officers click a shortcut on their computer desktop to open a window that will let them search by name, license number, date of birth, or Social Security number, and return all matching records.
Looking up a person's federal and state criminal history is more complicated, though this also varies from local agency to agency. In some departments, officers can query the NCIC database directly from their office computers or the mobile data computer in their squad car; in others, officers must submit a formal request to their records department and sign a statement saying it's part of an ongoing investigation—and that the record will be destroyed when the investigation is over.
Explainer thanks Maj. Robert Stack of the Lexington Division of Police in Lexington, Ky., and Tim Dees of Officer.com.
Brad Flora is a Slate intern.
Article URL: http://www.slate.com/id/2179180/

List of Intel codenames

Intel has historically named IC development projects after geographical names (since they can never be trademarked by someone else) of towns, rivers or mountains near the location of the Intel facility responsible for the IC. Many of these are in the American West, particularly in the state of Oregon (where most of Intel's CPU projects are designed; see well-known project codenames). As Intel's development activities have expanded, this nomenclature has expanded to Israel and India. Some older codenames refer to celestial bodies.
The following table lists known Intel codenames along with a brief explanation of their meaning and their likely namesake.

Katmai

Probably named after Mount Katmai, a volcano in the Katmai Park in Alaska, the site of a colossal 1912 eruption. Incidentally, Katmai is also the codename of a Microsoft project: the next release of SQL Server.

Moorestown

Reference uncertain. Moorestown is a place located in Lawrence County, Indiana. Other places by the name of Moorestown exist as well. It may also be a play on the name of Gordon Moore, co-founder of Intel and author of Moore's law.

Morgan Hill

i865GV chipset

Morgan Hill is a city located in the southern part of Santa Clara County, California.

Poulsbo

Poulsbo, a waterfront city in Kitsap County, Washington, United States. Named after Paulsbo, Norway; a mistake on the application for establishing a post office resulted in the town being officially named Poulsbo in 1886.

Poulson

A future generation of Intel's Itanium 2 processor family, expected to come to market in 2009, after Tukwila.

Whitefield

A quad-core processor, partially based on Woodcrest, using the new Common System Interface (CSI) bus. This project was cancelled and replaced with the Tigerton processor on the Caneland platform. CSI technology won’t appear until the second-generation 45nm processor, Nehalem.

Whitefield is the name of several places in the USA, India, and the United Kingdom; see Whitefield.